Welcome to Splunk Documentation

Here you'll find documentation for Splunk Enterprise and for all other Splunk products. You can make PDFs of product manuals, look up a term in the Splexicon, and submit feedback. You can also follow us on Twitter!

A good additional resource for new Splunk Enterprise users is the Splunk book: Exploring Splunk.

The Splunk App for Enterprise Security provides prebuilt content and searches to help focus security analysts on answering root-cause questions in real time about malicious and anomalous events in the IT infrastructure.

The Splunk App for PCI Compliance tells you how compliant you are with PCI DSS by collecting data from applications, systems, and devices within the PCI cardholder data environment and correlating it with asset and user identity data to monitor for compliance issues.

The Splunk Web Framework is an integrated framework for web developers who want to create rich, interactive experiences using Splunk and its analytical capabilities. The Splunk Web Framework lets you quickly create custom Splunk apps by using pre-built components, styles, templates, and reusable samples, and by adding your own custom logic, interactions, reusable components, and UI. You will find reference documentation for the new framework here. For concepts, how-to information, and examples, see Web Framework on the Splunk for Developers site.

The Splunk ODBC Driver enables you to connect an ODBC-enabled third-party app (such as Microsoft Excel, Tableau, and so on) to Splunk. You can then construct Structured Query Language (SQL) queries to interact with your Splunk server directly from your app.

The Splunk App for Windows Infrastructure provides views into several aspects of your Microsoft environment, including information on Windows processes, performance, and inventory, and Active Directory status.

The Splunk Supporting Add-on for Active Directory provides support functions to the Splunk Apps for Windows Infrastructure, Active Directory, and Microsoft Exchange that enable you to extract information from an Active Directory database.

The Splunk App for Unix and Linux provides pre-built data inputs, searches, reports, alerts and dashboards for Linux and Unix management so you can monitor, manage and troubleshoot *nix operating systems from one place. The app includes a set of scripted inputs for collecting CPU, disk, I/O, memory, log, configuration and user data.

The Common Information Model (CIM) is a set of field names and tags that are expected to define the lowest common denominator of a domain of interest. Armed with the CIM, you should be able to map a new data source to the proper interface, validate that the domain interface has the expected data, and start writing or using an app that expects that domain interface.